1. Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org SDLC: Where do they work well, where do they fail? Pravir Chandra Bart De Win John Steven Dave Wichers Cassio Goldschmidt (Moderator)

2. OWASP 2 SDLC: Where do they work well, where do they fail?  What practice (or process) became obsolete?

3. OWASP 3 SDLC: Where do they work well, where do they fail?  What do you see as the strengths and weakness of static code analysis, runtime verification and binary analysis. When would you recommend one over another?

4. OWASP 4 SDLC: Where do they work well, where do they fail?  How do you recommend teams to deal with the integration of 3rd party components to a product?

5. OWASP 5 SDLC: Where do they work well, where do they fail?  How do I know as a tester when I’m done Fuzzing?

6. OWASP 6 SDLC: Where do they work well, where do they fail?  What do you view as the most pressing issue in the security industry?

7. OWASP 7 Audience Questions?